Just when you thought it was safe to go shopping again, Home Depot reported a data breach in September that lasted for months at its stores in the U.S. and Canada affecting 56 million debit and credit cards, more than the pre-Christmas 2013 cyber-attack on Target customers.
As a result, banks are being hit with fraudulent transactions that are affecting customer accounts, with criminals siphoning money from bank accounts to pay for items ranging from groceries to electronics, according to the Christian Science Monitor.
For businesses, data breach costs could include liabilities related to payment card networks for reimbursements of credit card fraud and card reissuance costs. It could also include civil suits and government investigations and enforcement proceedings. Losses can be staggering and are often eventually passed back to consumers in credit card fees.
In the event of a breach, costs to an organization’s reputation and its financial liability can be irreparable, especially for small businesses.
In the case of the attack on Target customers, Target offered one year of free credit monitoring and identity theft protection to all consumers who shopped in U.S. stores. So far, Target has spent $146 million in breach-related expenses, not including insurance payments, the Christian Science Monitor reported.
According to the Federal Trade Commission, identity theft was the number one fraud complaint during calendar year 2008. Surprisingly, a study released by Javelin Strategy and Research reported that in 2009 most identity thefts were taking place offline, not online — just the opposite of what many folks might think. When shopping at brick and mortar stores, be alert to both cyber and physical security threats:
- When using an ATM machine, make sure no one is hovering over you and can see you enter your password.
- Never write your passwords for credit cards or the ATM machine down, and if you must, do not keep them in your wallet which may be stolen — along with your credit cards and identification.
- Limit what you carry. When you go out, take only the identification, credit, and debit cards you need and double-check that you have your credit cards, identification and checkbook after each financial transaction.
- Always be aware of your surroundings. Be sure not to buy more than you can carry. If your packages are making it hard for you to walk or see, ask a store employee or security personnel to help you carry them to your car.
- Monitor your credit card and banking activity frequently and report any fraudulent charges to your bank and credit card company immediately.
Online Shopping Tips
Research and advisory firm Forrester Research reported that U.S. online retail sales accounted for almost 9 percent of the $3.2 trillion total U.S. retail sales last year, and is expected to grow at a compound annual growth rate of nearly 10 percent through 2018, reported Fortune.com in September.
Online shopping is convenient, easy and quick. But before you start adding items to your virtual cart, make sure your computer is up-to-date with the latest security software, web brower and operating system. Keeping a clean machine is the best defense against viruses, malware, and other online threats, according to StaySafeOnline.org.
Here are some other ways to protect your identity and prevent fraud when shopping online from StaySafeOnline.org:
- Protect your privacy by regularly changing your passwords and shop at home rather than on public Wi-Fi networks.
- Conduct independent research before you buy from a seller you have never done business with. Some attackers try to trick you by creating malicious websites that appear legitimate, so you should verify the site before supplying any information. Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill. Search for merchant reviews.
- Make sure the site is legitimate before you enter your personal and financial information to make an online transaction, look for signs that the site is secure. This includes a closed padlock on your web browser’s address bar or a URL address that begins with shttp or https. This indicates that the purchase is encrypted or secured. Never use unsecured wireless networks to make an online purchase.
- Protect your personal information. When making a purchase online, be alert to the kinds of information being collected to complete the transaction. Make sure you think it is necessary for the vendor to request that information. Make sure you understand how your information will be stored and used.
- Use safe payment options. Credit cards are generally the safest option because they allow buyers to seek a credit from the issuer if the product isn’t delivered or isn’t what was ordered. Also, unlike debit cards, credit cards may have a limit on the monetary amount you will be responsible for paying if your information is stolen and used by someone else. Never send cash through the mail or use a money-wiring service because you will have no recourse if something goes wrong. Don’t forget to review return policies. You want a no-hassle ability to return items.
- Keep a paper trail. Print and save records of your online transactions, including the product description, price, online receipt, terms of the sale, and copies of any email exchange with the seller. Read your credit card statements to make sure there aren’t any unauthorized charges. If there is a discrepancy, call your bank and report it immediately.
- Turn your computer off when you’re finished shopping. Many people leave their computers running and connected to the Internet day and night. This gives scammers 24/7 access to your computer to install malware and commit cybercrimes. To be safe, turn off your computer when it's not in use.
- Be wary of emails requesting information: Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email. Contact the merchant directly if you are alerted to a problem. Use contact information found on your account statement, not in the email.
The Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT), Federal Trade Commission and FBI websites provide cybersecurity alerts, and information about how to protect yourself and your family, as well as instructions for reporting a crime if you have become a victim.
Be safe — not sorry!
FOR MORE CONSUMER CYBERSECURITY TIPS
FBI – http://www.fbi.gov
Federal Trade Commission – http://www.ftc.gov/
National Crime Prevention Council – http://www.ncpc.org/
StaySafeOnline.org – http://www.staysafeonline.org/
US-CERT – https://www.us-cert.gov/